authorAndrew Tridgell <tridge@samba.org>2004-04-21 05:01:31 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:51:19 -0500
commit5f545543f0bfb9d97d6401576906c0ba9e596cd1 (patch)
tree048b807b3904f10f949c72df0d4338769c2f06ec /source4/libcli
parent6428ffb89a350d70cb62b4b1574dd671d840e62c (diff)
r305: - added IDL and test code for samr_RidToSid()
- completed the IDL and test code for the various set user password mechanisms in samr. Three password mechanisms are now working, the UserInfo24 method, the OemChangePasswordUser2() method (which only sets the LM password) and the ChangePasswordUser2() method which sets both the LM and NT passwords. - updated some crypto routines to support the password change tests (This used to be commit 051efa2abf9d1fbbf783df411c02f2714027f813)
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/util/smbdes.c30
-rw-r--r--source4/libcli/util/smbencrypt.c21
2 files changed, 36 insertions, 15 deletions
diff --git a/source4/libcli/util/smbdes.c b/source4/libcli/util/smbdes.c
index d282b0135a..80b938b460 100644
--- a/source4/libcli/util/smbdes.c
+++ b/source4/libcli/util/smbdes.c
@@ -357,7 +357,8 @@ void cred_hash3(unsigned char *out, unsigned char *in, const unsigned char *key,
smbhash(out + 8, in + 8, key2, forw);
}
-void SamOEMhash( unsigned char *data, const unsigned char *key, int val)
+
+void SamOEMhashBlob(unsigned char *data, int len, const DATA_BLOB *key)
{
unsigned char s_box[256];
unsigned char index_i = 0;
@@ -369,23 +370,22 @@ void SamOEMhash( unsigned char *data, const unsigned char *key, int val)
s_box[ind] = (unsigned char)ind;
}
- for( ind = 0; ind < 256; ind++) {
+ for (ind = 0; ind < 256; ind++) {
unsigned char tc;
-
- j += (s_box[ind] + key[ind%16]);
-
+
+ j += (s_box[ind] + key->data[ind%key->length]);
+
tc = s_box[ind];
s_box[ind] = s_box[j];
s_box[j] = tc;
}
-
- for (ind = 0; ind < val; ind++){
+ for (ind = 0; ind < len; ind++) {
unsigned char tc;
unsigned char t;
index_i++;
index_j += s_box[index_i];
-
+
tc = s_box[index_i];
s_box[index_i] = s_box[index_j];
s_box[index_j] = tc;
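Review bot: `key->data[ind%key->length]` in the key-setup loop has no guard, so a blob with `length == 0` is a modulo by zero (undefined behaviour) and a NULL `key` or `key->data` is dereferenced; the old fixed `ind%16` could not fail this way. The precondition should be explicit at the top of SamOEMhashBlob, for example `if (key == NULL || key->data == NULL || key->length == 0) return;`, or an assertion if the project prefers to fail loudly. Because the function returns void, an early return would leave `data` untransformed without telling the caller, so the header comment should state that a non-empty key is required. `len` is still a signed int, and a negative value silently skips the second loop. The function starts in the previous hunk and ends in the next one.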
@@ -395,6 +395,20 @@ void SamOEMhash( unsigned char *data, const unsigned char *key, int val)
}
}
+/*
+ a varient that assumes a 16 byte key. This should be removed
+ when the last user is gone
+*/
+void SamOEMhash(unsigned char *data, const unsigned char keystr[16], int len)
+{
+ DATA_BLOB key;
+
+ key.length = 16;
+ key.data = keystr;
+
+ SamOEMhashBlob(data, len, &key);
+}
+
/* Decode a sam password hash into a password. The password hash is the
same method used to store passwords in the NT registry. The DES key
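Review bot: `key.data = keystr;` in the new SamOEMhash wrapper assigns a `const unsigned char *` to the blob's data pointer, which drops the const qualifier if DATA_BLOB declares `data` as non-const (its definition is not visible in this diff). An explicit cast with a short comment that SamOEMhashBlob only reads the key would make this intentional, and `DATA_BLOB key = {0};` would avoid leaving any other members of the struct uninitialised. The `keystr[16]` parameter is an ordinary pointer to the compiler, so the comment should say the caller must supply at least 16 readable bytes, e.g. `/* variant that assumes keystr points to a 16 byte key; remove when the last caller is gone */`, which also fixes the "varient" typo.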
diff --git a/source4/libcli/util/smbencrypt.c b/source4/libcli/util/smbencrypt.c
index 13d56e1e78..a1c026a27d 100644
--- a/source4/libcli/util/smbencrypt.c
+++ b/source4/libcli/util/smbencrypt.c
@@ -460,21 +460,28 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
}
/***********************************************************
- encode a password buffer. The caller gets to figure out
- what to put in it.
+ encode a password buffer with a unicode password. The buffer
+ is filled with random data to make it harder to attack.
************************************************************/
-BOOL encode_pw_buffer(char buffer[516], char *new_pw, int new_pw_length)
+BOOL encode_pw_buffer(char buffer[516], const char *password, int string_flags)
{
- generate_random_buffer((unsigned char *)buffer, 516, True);
+ uchar new_pw[512];
+ size_t new_pw_len;
- memcpy(&buffer[512 - new_pw_length], new_pw, new_pw_length);
+ new_pw_len = push_string(NULL, new_pw,
+ password,
+ sizeof(new_pw), string_flags);
+
+ memcpy(&buffer[512 - new_pw_len], new_pw, new_pw_len);
+
+ generate_random_buffer((unsigned char *)buffer, 512 - new_pw_len, True);
/*
* The length of the new password is in the last 4 bytes of
* the data buffer.
*/
- SIVAL(buffer, 512, new_pw_length);
-
+ SIVAL(buffer, 512, new_pw_len);
+ ZERO_STRUCT(new_pw);
return True;
}
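Review bot: The return value of `push_string()` is used unchecked as `new_pw_len` in `&buffer[512 - new_pw_len]` and in the `generate_random_buffer()` length, so if the conversion can fail or report more than 512 bytes (its contract is not visible in this diff) the `size_t` subtraction wraps and both calls write outside `buffer`. A password that does not fit in `new_pw` appears to be truncated silently while the function still returns True, so the caller would set a different password from the one supplied. I would validate before the memcpy, e.g. `if (new_pw_len == (size_t)-1 || new_pw_len > sizeof(new_pw)) { ZERO_STRUCT(new_pw); return False; }`, and reject over-long input rather than truncating it. Separately, `ZERO_STRUCT(new_pw)` just before the return is a dead store that an optimiser may drop if the macro expands to a plain memset; it is worth confirming that the wipe of the cleartext copy survives compilation.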